Network Monitoring Definition and Solutions

Network monitoring is far more strategic than its name implies. It involves watching for problems 24/7, but it's also about optimizing data flow and access in a complex and changing environment. Tools and services are as numerous and varied as the environments they guard and analyze.

Network monitoring for a corporate network is a critical IT function that can save money in network performance, employee productivity and infrastructure cost overruns. A network monitoring system monitors an internal network for problems. It can find and help resolve snail-paced webpage downloads, lost-in-space e-mail, questionable user activity and file delivery caused by overloaded, crashed servers, dicey network connections or other devices.

Network monitoring systems (NMSs) are much different from intrusion detection systems (IDSs) or intrusion prevention systems (IPSs). These other systems detect break-ins and prevent scurrilous activity from unauthorized users. An NMS lets you know how well the network is running during the course of ordinary operations; its focus isn't on security per se.

Network monitoring can be achieved using various software or a combination of plug-and-play hardware and software appliance solutions. Virtually any kind of network can be monitored. It doesn't matter whether it's wireless or wired, a corporate LAN, VPN or service provider WAN. You can monitor devices on different operating systems with a multitude of functions, ranging from BlackBerrys and cell phones, to servers, routers and switches. These systems can help you identify specific activities and performance metrics, producing results that enable a business to address various and sundry needs, including meeting compliance requirements, stomping out internal security threats and providing more operational visibility.

Deciding specifically what to monitor on your network is as important as giving network monitoring a general thumbs up. You must be sure that your corporate network topology map is up to date. That map should accurately lay out the different types of networks to be monitored, which servers are running which applications on which operating system, how many desktops need to be counted into the mix and what kind of remote devices have access for each network. A dose of clarity at the outset makes choosing which monitoring tools to purchase down the line somewhat simpler.

You might think that if the network is up and running, there is no reason to mess with it. Why should you care about adding another project for your network managers to scribble across their whiteboards, already crammed floor-to-ceiling? The reasons to insist on network monitoring can be summarized on a high level into maintaining the network's current health, ensuring availability and improving performance. An NMS also can help you build a database of critical information that you can use to plan for future growth.

Network monitoring is like a visit to a cardiologist. You're combining experience, judgment and technology to chart a system's performance.

Your doctor is watching for danger signs as blood flows through vessels, valves and chambers of the heart, while your network monitoring systems are tracking data moving along cables and through servers, switches, connections and routers.

That analogy holds up especially when you consider how important real-time information is in both cases.

Of course, network monitoring differs in that smart companies don't settle for annual snapshots of system performance. Nor do they monitor only after the appearance of disturbing symptoms. They monitor their networks 24 hours a day, every day.

Network monitoring won't help unless you track the right things. The usual areas examined are bandwidth usage, application performance and server performance.

Monitoring traffic is a fundamental task, one on which all other network-building and -maintenance tasks are based. It generally focuses on resources that support internal end users. So network monitoring systems have evolved to oversee an assortment of devices:

• BlackBerrys

• Cell phones

• Servers and desktops

• Routers

• Switches

Some network monitoring systems come with automatic discovery, which is the ability to continuously record devices as they're added, removed or undergo configuration changes. These tools segregate devices dynamically. Some common rubrics are:

• IP address

• Service

• Type (switch, router, etc.)

• Physical location

Beyond the obvious advantage of knowing exactly — and in real time — what you have deployed, automatic discovery and categorization of segments helps you plan for growth. Underused hardware can take on new functions, for example. They also help pinpoint problems. If all devices at a given location are underperforming, there might be a resource-management problem to address.

By the same token, large networks often are networks of disparate networks. Segments can differ by vendor, generation, mission and other factors. Here, too, monitoring tools can make sense of the complexity.

Some common network types are:

• Wireless or wired

• A corporate local-area network (LAN)

• A virtual private network (VPN)

• A service provider's wide-area network (WAN)

If all those variables weren't enough, business markets are always demanding new site functions for internal and external use. Performance-sensitive functions (otherwise known as bandwidth hogs) include voice over IP (VoIP), Internet Protocol TV (IPTV) and video on demand (VOD). Monitoring enables managers to allocate resources to maintain system integrity.

But an NMS isn't an intrusion detection system (IDS) or intrusion prevention system (IPS). Those critical systems detect break-ins and prevent unauthorized activity. An NMS can detect troublesome actions, but that is not its mission.

While an NMS will map your network topology, for instance, it's up to managers to examine and decide the fate of each piece of the topology. A comprehensive monitoring report will help you answer tough questions:

• Simplicity in the form of homogenous systems can deliver savings, but can segments be replaced at an acceptable cost?

• Which operating systems and apps are on which servers, and are they necessary?

• Who are the power users, and what are they sending?

• How close to capacity are servers?

• What remote devices being used, and what are they being used for?

• How and where are remote devices entering the system?

• Who and what resources are managing the system?

Of course, stocked with this information and clean status reports, a budget-pressured exec might conclude that no problems mean no reason to change things. That's usually the wrong conclusion because businesses don't exist in a steady state.

Network monitoring systems themselves can be software or firmware, simple or complex.

Among the most simple are tools that send signals to devices to see how long it takes for the signal to return — digital echolocation. More relevant to most network managers are tools that ship with common tests and monitoring scripts and that can produce rich reports with graphics that summarize conditions from device-specific to network-wide.

Open-source tools are innovative, inexpensive and numerous. And they work with most tools and platforms.

No matter where you get your tools, though, aggressively investigate how well they will work in your environment, especially with the operating systems on your network.

If your network has become simply too complex and you can't keep tabs on what's happening, you can outsource monitoring. Outsourcers create levels of services and packages of functions to cover a wide variety of network environments and budgets.

Network monitoring products can be totally free, as with open-source apps) and they can be extremely expensive. Appliances, software-only solutions and services range from $50 on into five figures.